TSA Phishing and Scam Sites Take Aim At US Travelers

There has been a swift uptick in reports of phishing and scams related to TSA PreCheck, Global Entry, and NEXUS application service sites, in which customers are being charged $140 to receive nothing in return.

Initial reports appeared in March 2021, and by July threat actors were abusing Google Ads to promote fake TSA websites on Google to increase traffic.

A recent report by Abormal Security confirms that the scam sites and phishing activities are still ongoing, and indeed increasing as the Christmas travel season approaches.

TSA PreCheck is a program that allows people to pass through a quicker and easier screening process at the airport.

People who enroll in the program receive a background check once and can then travel across the US without removing personal items or going through vigorous checks each time they fly.

Especially during the pandemic, when people seek to spend the minimum amount of time in crowded places, there’s an increasing number of travelers who sign up for this program.

The TSA PreCheck needs to be renewed every five years, which costs members $70 (down from $85).

Threat actors are sending phishing emails to individuals informing them of the expiration of their TSA PreCheck membership, and attempting to convince to renew by following an embedded URL.

Screenshot 2021 11 23 at 13

These emails take the victim to fake renewal sites that were made to appear legitimate and also use convincing domain names such as:

  • airportprescreen[.]com
  • airportprescreening[.]com
  • applyfornexuscard[.]com
  • assist-gov[.]com
  • applyglobaltraveler[.]com
  • easynexusapplication[.]com
  • fastpassapplication[.]com
  • lowrisktraveler[.]com
  • immigrationvisaforms[.]com
  • travelauthorizationusa[.]com

Using a top-level domain such as ‘.com’ adds a sense of legitimacy to unsuspecting targets, increasing the chance of scamming a target.

Screenshot 2021 11 23 at 13.5

Many of the phishing/scam sites seen by Abnormal Security include an interesting disclaimer, which states buyers don’t have a guaranteed chance of success with the renewal.

“We are not the United States government or associated with it. There are no guarantees you will be granted a known traveler number by the government. We try to make sure everything is submitted correctly to eliminate rejections from submission errors.”

This may be missed easily, given that people generally don’t read service disclaimers. However, the fact that Paypal is the only available payment method should tip individuals off that the phishing site is not legitimate.

The regular fee is $70, while the threat actors list their price at $139.99

Screenshot 2021 11 23 at 13.58.30

Abnormal Security recommends that if an individual wishes to renew TSA PreCheck, Clear, or Global Entry membership that they should not Google, as it is likely they will encounter a bogus ad.

Instead, visit the Homeland Security’s Trusted Traveler Programs page, which contains the legitimate URLs for all available travel programs.

Protection Against Phishing

Attacks like the Conti Ransomware campaign show that cyberattacks are increasing at an exponential rate, and both government and business leaders are underprepared to face the fallout of an attack. There are several tools internet users should use to increase their online protection. One of these tools is SaferNet.

SaferNet is the perfect solution to the cybersecurity issues that individuals, families, and businesses face today. It not only connects every device using a secure, 24/7 always on, military grade VPN, but it also stops outside cyberthreats, malware and viruses as well. On SaferNet, all users are protected anywhere in the world, all the time, on any cellular or Wi-Fi network. In addition to SaferNet’s VPN and cyber protection, it also offers a range of employee or parental/family internet controls including internet filtering, monitoring, scheduling, and blocking access to websites or even entire website categories

Typically, a business or family would need 3 separate services for a VPN, Malware Protection, and Internet Controls; SaferNet offers all 3 features in one service. SaferNet truly is an endpoint security presence that can be implemented in minutes around the world, on phones, laptops, tablets, and computers at an economical price point that caters to all sizes of businesses and families. SaferNet guarantees a smooth setup and installation process that takes only minutes, and an easily accessible control hub for you to monitor all your employee’s or family members devices; including activity, time spent online, and threats blocked.

Leave a Reply

Your email address will not be published. Required fields are marked *